03.04.08, 08:56 PM
Yuma
Check csf SMTP_BLOCK option WARNING This option will help prevent the most common form of spam abuse on a server that bypasses exim and sends spam directly out through port 25. Enabing this option will prevent any web script from sending out using socket connection, such scripts

Check /dev/shm is mounted noexec,nosuid WARNING /dev/shm isn't mounted with the noexec,nosuid options (currently: none). You should consider adding a mountpoint into /etc/fstab for /dev/shm with those options

Check /etc/named.conf for recursion restrictions WARNING you have a local DNS server running but do not have any recursion restrictions set in /etc/named.conf. This is a security and performance risk and you should look at restricting recursive lookups to the local IP addresses only

Check MySQL version WARNING You are running a legacy version of MySQL (v4.1.22) and should consider upgrading to v5.* as recommended by MySQL

Check SSHv1 is disabled WARNING You should disable SSHv1 by editing /etc/ssh/sshd

Check SSH on non-standard port WARNING You might want to consider moving SSH to a non-standard port to avoid basic SSH port scans by editing /etc/ssh/sshd_config and setting:
Port nnnn

Check Background Process Killer WARNING You should enable each item in the WHM > Background Process Killer

Check root forwarder WARNING The root account should have a forwarder set so that you receive essential email from your server


Check exim for extended logging WARNING You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:
log_selector = +arguments +subject
to the first textarea in the Advanced Mode Exim Configuration Editor

Check apache version WARNING You are running a legacy version of apache (v2.0.63) and should consider upgrading to v2.2.* as recommended by apache

Check suPHP WARNING To reduce the risk of hackers accessing all sites on the server from a compromised PHP web script, you should enable suPHP when you build apache/php. Note that there are sideeffects when enabling suPHP on a server and you should be aware of these before enabling it

Check apache for mod_security WARNING You should install the mod_security apache module during the easyapache build process to help prevent exploitation of vulnerable web scripts, together with a set of SecFilters

Check php for register_globals WARNING You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and set:
register_globals = Off
unless it is absolutely necessary as it is seen as a significant security risk


Check php for disable_functions WARNING You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and disable commonly abused php functions, e.g.:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen
Some client web scripts may break with some of these functions disabled, so you may have to remove them from this list

Check php for enable_dl WARNING You should modify /usr/local/lib/php.ini and set:
enable_dl = Off
This prevents users from loading php modules that affect everyone on the server. Note that if use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration (usually in /usr/local/lib/php.ini)


Friends, is there a downside to leaving these values that are flagged with red warnings as they are? If so, what are the downsides, and which values can we make secure, and how? Thanks in advance to anyone who can help.